This repository has been archived by the owner on Jun 7, 2022. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathraspi_master.yaml
170 lines (138 loc) · 5.32 KB
/
raspi_master.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# See https://wiki.debian.org/RaspberryPi3 for known issues and more details.
steps:
- mkimg: "{{ output }}"
size: 2000M
- mklabel: msdos
device: "{{ output }}"
- mkpart: primary
fs-type: 'fat32'
device: "{{ output }}"
start: 0%
end: 20%
tag: /boot
- mkpart: primary
device: "{{ output }}"
start: 20%
end: 100%
tag: /
- kpartx: "{{ output }}"
- mkfs: vfat
partition: /boot
label: RASPIFIRM
- mkfs: ext4
partition: /
label: RASPIROOT
- mount: /
- mount: /boot
mount-on: /
dirname: '/boot/firmware'
- unpack-rootfs: /
- qemu-debootstrap: buster
mirror: http://deb.debian.org/debian
target: /
arch: __ARCH__
components:
- main
- contrib
- non-free
unless: rootfs_unpacked
- create-file: /etc/apt/sources.list
trailing-newline: '1'
contents: |
deb http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian-security buster/updates main contrib non-free
# Backports are _not_ enabled by default.
# Enable them by uncommenting the following line:
# deb http://deb.debian.org/debian buster-backports main contrib non-free
__OTHER_APT_ENABLE__
unless: rootfs_unpacked
- chroot: /
shell: |
apt-get update
unless: rootfs_unpacked
- apt: install
packages:
- ssh
- parted
- dosfstools
- wireless-tools
- wpasupplicant
- raspi3-firmware
- __LINUX_IMAGE__
__EXTRA_PKGS__
tag: /
unless: rootfs_unpacked
- cache-rootfs: /
unless: rootfs_unpacked
- shell: |
echo "__HOST__-$(date +%Y%m%d)" > "${ROOT?}/etc/hostname"
# Allow root logins locally with no password
sed -i 's,root:[^:]*:,root::,' "${ROOT?}/etc/shadow"
install -m 644 -o root -g root rootfs/etc/fstab "${ROOT?}/etc/fstab"
#not needed for peach
#install -m 644 -o root -g root rootfs/etc/network/interfaces.d/eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
#install -m 600 -o root -g root rootfs/etc/network/interfaces.d/wlan0 "${ROOT?}/etc/network/interfaces.d/wlan0"
install -m 755 -o root -g root rootfs/usr/local/sbin/rpi-set-sysconf "${ROOT?}/usr/local/sbin/rpi-set-sysconf"
install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-set-sysconf.service "${ROOT?}/etc/systemd/system/"
install -m 644 -o root -g root rootfs/boot/firmware/sysconf.txt "${ROOT?}/boot/firmware/sysconf.txt"
mkdir -p "${ROOT?}/etc/systemd/system/basic.target.requires/"
ln -s /etc/systemd/system/rpi-set-sysconf.service "${ROOT?}/etc/systemd/system/basic.target.requires/rpi-set-sysconf.service"
install -m 755 -o root -g root rootfs/usr/sbin/rpi-resizerootfs "${ROOT?}/usr/sbin/rpi-resizerootfs"
install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-resizerootfs.service "${ROOT?}/etc/systemd/system/"
mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"
ln -s /etc/systemd/system/rpi-resizerootfs.service "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/rpi-resizerootfs.service"
install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/"
mkdir -p "${ROOT?}/etc/systemd/system/multi-user.target.requires/"
ln -s /etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/multi-user.target.requires/rpi-generate-ssh-host-keys.service"
rm -f "${ROOT?}"/etc/ssh/ssh_host_*_key*
root-fs: /
# Copy the relevant device tree files to the boot partition
- chroot: /
shell: |
install -m 644 -o root -g root __DTB__ /boot/firmware/
# Clean up archive cache (likely not useful) and lists (likely outdated) to
# reduce image size by several hundred megabytes.
- chroot: /
shell: |
apt-get clean
rm -rf /var/lib/apt/lists
# Modify the kernel commandline we take from the firmware to boot from
# the partition labeled raspiroot instead of forcing it to mmcblk0p2
- chroot: /
shell: |
ls -aR /boot
sed -i 's/.dev.mmcblk0p2/LABEL=RASPIROOT/' /boot/firmware/cmdline.txt
# BEGINNING OF PEACH CONFIG
- shell: |
echo "This peach base image was configured on $(date +%Y%m%d) with peach-img-builder version 0.1.0" > "${ROOT?}/srv/peach-img-provenance.log"
root-fs: /
- apt: install
packages:
- git
- python3
- python3-pip
- wget
- gnupg2
tag: /
- chroot: /
shell: |
pip3 install setuptools
echo "deb http://apt.peachcloud.org/ buster main" > /etc/apt/sources.list.d/peach.list
wget -O /tmp/pubkey.gpg http://apt.peachcloud.org/pubkey.gpg
apt-key add /tmp/pubkey.gpg
apt-get update
apt-get install -y peach-config
RUST_LOG=info /usr/bin/peach-config setup -i -n -d
# lastly log which versions of microservices were installed and copy the provenance to the host machine
- chroot: /
shell: |
/usr/bin/peach-config manifest > /srv/peach-img-manifest.log
- shell: |
cp "${ROOT?}/srv/peach-img-manifest.log" /srv/peachcloud/automation/peach-img-builder/peach-img-manifest.log
root-fs: /
# END OF PEACH CONFIG
# TODO(https://github.com/larswirzenius/vmdb2/issues/24): remove once vmdb
# clears /etc/resolv.conf on its own.
- shell: |
rm "${ROOT?}/etc/resolv.conf"
root-fs: /